PCI SOLUTIONS FOR QUALYS PARTNERS
A summary of Qualys’ offerings for Partners looking to help their customers meet the 
Payment Card Industry Data Security Standard (PCI-DSS) 


PCI Basics 

PCI requires that all Merchants and Service Providers involved in processing, transmitting or storing
cardholder information adhere to the PCI Data Security Standard (PCI-DSS). The PCI-DSS outlines the
requirements an organization must follow in order to process, transmit and store cardholder data securely.


Although all guidelines must be met, the key PCI Validation Requirements specifying the necessary actions 
that must be taken in order to officially ‘Validate’ compliance include: 


- Validation Requirement #1 specifies that each organization must complete a network vulnerability
scan, certified by an Approved Scanning Vendor (ASV), every 90 days. To achieve a passing
PCI status, all devices must be scanned and free of any critical vulnerability. This report must then 
be submitted to the organization’s Acquiring Bank quarterly. 


- Validation Requirement #2 specifies that each organization must complete a Self-Assessment 
Questionnaire (SAQ), or perform an On-Site Audit. Level 1 Merchants are required to perform an 
On-Site Audit. All other Merchants, including Level 2, 3 and 4, must complete a Self-Assessment 
Questionnaire. The Questionnaire, or Audit results, must then be submitted to the organization’s 
Acquiring Bank annually. 


QualysGuard Meets PCI Requirements 
Qualys provides a simple 3-step process for merchants to Achieve and Validate PCI Compliance with their 
Acquiring Institutions. 


Step 1: Using Qualys, complete the Internal and External PCI Scans Quarterly. 
- Run a PCI Scan
- Remediate any Critical Vulnerabilities (Level 3, 4, 5) 
- Run a verification scan to ensure all vulnerabilities have been remediated 


Step 2: Complete the Self-Assessment Questionnaire or On-Site Audit. 
- Level 1 Merchants must complete an On-Site Assessment by a QSA Annually 
- Level 2, 3, 4 Merchants must complete a Self-Assessment Questionnaire (SAQ) Annually 


Step 3: Submit Proof-of-Compliance report to Acquiring Institutions. 
- PCI Scan Reports must be submitted Quarterly 
- Self-Assessment Questionnaire or Audit Results must be submitted Annually 
- PCI Scan Reports and the Self-Assessment Questionnaires can be automatically submitted 
to Acquiring Banks within QualysGuard PCI. 


Why Partner with Qualys for PCI 
Qualys provides an automated platform by which Partners can 
quickly and easily launch a PCI practice. In fact, over 50% of 
all Approved Scanning Vendors (ASVs) have standardized on 
Qualys’ scanning technology for their PCI scanning services. 


- Satisfy your Customers’ Immediate PCI Needs
Partners who have yet to be certified as an ASV, but have
customers with immediate needs, can resell QualysGuard
to their customers. In this case, Qualys will assume the
duties of the ASV, assessing and certifying compliance.


- Become an ASV
Qualys makes it easy to become an Approved Scanning
Vendor by helping Partners prepare for, and successfully
pass, the ASV test - all at no additional charge. Qualys
makes it so easy to become an ASV, over 50% of all ASVs
have standardized on Qualys’ scanning technology.


- Acquiring Banks / Payment Processors / ISOs
Qualys enables Acquiring Banks, Payment Processors,
and ISOs who are concerned with protecting their customers’
data, to provide their merchants with a simple & cost
effective PCI Scanning Solution by reselling QualysGuard.


- Additional Benefits for QSA Partners
Qualified Security Assessor (QSA) Partners benefit by being
able to provide their customers with a PCI Scanning Solution,
thus satisfying both the ASV & QSA requirements.


How Qualys Compares to other PCI Scan Offerings

Since 1999, Qualys has been providing the most accurate and
comprehensive network vulnerability audits in the industry.

As the first security company to leverage the Software-as-a-
Service (SaaS) delivery model, QualysGuard was designed
from the ground up to perform Internet-based audits quickly
and effectively.


Additional QualysGuard Advantages

- Instantly deployable & available via a web browser
- Easy to pilot, administrate and manage
- Most accurate (Six-Sigma) scan results in the industry
- Industry’s most comprehensive knowledge base of vulnerability checks
- Vulnerability signatures updated automatically
- Scans are safe (non-intrusive) to run during production hours
- Detailed, customized reporting with comprehensive remediation instructions
- Award winning solution with 24x7 customer support


Qualys PCI Solution Comparison Matrix


| FUNCTIONALITY | QG PCI | QG ENTERPRISE | QG EXPRESS | QG CONSULTANT (ASV) | QG CONSULTANT (NON ASV) |
| External PCI Scanning | Yes | Yes | Yes | Yes | Resell QG PCI, Enterprise or Express |
| Full External Vulnerability Scanning | No | Yes | Yes | Yes | Yes |
| Full Internal Vulnerability Scanning | No | Yes (w/ QG Scanner Appliance) | Yes (w/ QG Scanner Appliance) | Yes (w/ QG Scanner Appliance) | Yes (w/ QG Scanner Appliance) |
| PCI Scan API Support | No | Yes | Yes | Yes | Resell QG PCI, Enterprise or Express |
| PCI - Segmented IP Scan | Yes | Yes | Yes | Yes | Resell QG PCI, Enterprise or Express |
| PCI - False Positive Workflow | Yes | Yes | Yes | No | Resell QG PCI, Enterprise or Express |
| PCI Certified Executive Report (PDF) | Yes | Yes | Yes | Yes | Resell QG PCI, Enterprise or Express |
| PCI Certified Technical Report (PDF) | Yes | Yes | Yes | Yes | Resell QG PCI, Enterprise or Express |
| PCI Self-Assessment Questionnaire | Yes | Yes | Yes | No | Resell QG PCI, Enterprise or Express |
| Electronic Submission of PCI Reports | Yes | Yes | Yes | No | Resell QG PCI, Enterprise or Express |

Notes:
- QG PCI: QualysGuard PCI meets PCI DSS external scanning requirements for compliance. For comprehensive internal and external security scanning QualysGuard Enterprise or Express is required.
- QG Enterprise: PCI Application provides this functionality and is packaged with QualysGuard Enterprise.
- QG Express: PCI Application provides this functionality and is packaged with QualysGuard Express.


To learn more about Qualys and the PCI solution offerings available to Partners, please visit our website at 
http://www.qualys.com/partners/pci/ or contact our Partner team at (650) 801 6100. 